The European Data Protection Supervisor (EDPS) found, on Friday 8 March, in the conclusions of an investigation conducted since May 2021, that the European Commission had breached a number of data protection rules in its contract with Microsoft.
Specifically, the EDPS considers that the contract between the Commission and Microsoft 365 is not sufficiently precise as to the type of personal data collected and the purposes for which it is collected. The European supervisor is therefore asking...